<?php
/**
    flickr_auth v0.1.1
    Copyright 2010 Markus Dolic (crowley@gmx.net)
    
    This file is part of the flickrpost package. 
    (http://code.google.com/p/flickrpost/)
    
    flickrpost is free software: you can redistribute it and/or modify
    it under the terms of the GNU General Public License as published by
    the Free Software Foundation, either version 3 of the License, or
    (at your option) any later version. 
    flickrpost is distributed in the hope that it will be useful, 
    but WITHOUT ANY WARRANTY; without even the implied warranty of
    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
    GNU General Public License for more details. 
    You should have received a copy of the GNU General Public License
    along with flickrpost.  If not, see <http://www.gnu.org/licenses/>. 
**/

//error_reporting(E_ALL);
require_once(dirname(__FILE__)."/inc/common.php");


function quote($str) { return "'$str'"; }
$PERMTYPES = array('read', 'write', 'delete');
$PERMTYPES_STR = join(", ", array_map("quote", $PERMTYPES));

$addon_name = "flickr_auth<a name='flickr_auth'></a>";
$addon_version = "0.1.1";
$addon_description = "";


// create auth data table if it does not exist yet
$res = mysql_query("SELECT * FROM $TABLE_AUTH LIMIT 1");
if (!$res) {
    mysql_query("CREATE TABLE IF NOT EXISTS $TABLE_AUTH (
                     `api_key` CHAR(40), 
                     `api_secret` CHAR(40), 
                     `api_perm` ENUM(" . $PERMTYPES_STR . "), 
                     `api_token` CHAR(40)
                )");
}
if (!$res or !mysql_num_rows($res) or mysql_num_rows($res) < 1) {
    // insert default config record
	mysql_query("INSERT INTO $TABLE_AUTH VALUES('', '', '" . $PERMTYPES[0] . "', '')");
}

// populate config variables from auth data table
$result = mysql_query("SELECT * FROM $TABLE_AUTH LIMIT 1");
while ($cfg = mysql_fetch_array($result)) {
    $api_key = $cfg['api_key'];
    $api_secret = $cfg['api_secret'];
    $api_perm = $cfg['api_perm'];
    $api_token = $cfg['api_token'];
}

// process addon config form: save submitted API data to DB and authenticate against flickr API
if(isset($_GET['do']) and $_GET['do'] == "flickr_auth_gettoken"){
    $api_key = $_POST['api_key'];
    $api_secret = $_POST['api_secret'];
    $api_perm = $_POST['api_perm'];
    $query = "UPDATE " . $TABLE_AUTH ." SET api_key='$api_key', api_secret='$api_secret', api_perm='$api_perm', api_token=''";
    mysql_query($query) or die(mysql_error());
    unset($_SESSION['phpFlickr_auth_token']);
    $flickr = new phpFlickr($api_key, $api_secret, true);
    $flickr->auth($api_perm, true);
}

// second part of the flickr API authentication: convert the "frob" received from flickr to a token
if (isset($_GET['frob'])) {
    $flickr = new phpFlickr($api_key, $api_secret, true);
    $flickr->auth_getToken($_GET['frob']);
    $token = $_SESSION['phpFlickr_auth_token'];
	mysql_query("UPDATE " . $TABLE_AUTH . " SET api_token='$token'");
    header('location:' . $SITE_URL . 'admin/index.php?view=addons#flickr_auth');
    exit;
}

// build HTML for addon config page
$checked = array();
foreach ($PERMTYPES as $perm) {
    if ($api_perm == $perm) $checked[$perm] = "checked='checked'";
}
$addon_description .= <<<EOT
    <p>Flickr API key data: </p>
    <form action='{$SITE_URL}index.php?do=flickr_auth_gettoken' method='post' accept-charset='UTF-8'>
        <table>
            <tr style='vertical-align:top;'>
                <td>API key: </td>
                <td><input type='text' size='40' name='api_key' value='{$api_key}' /></td>
            </tr>
            <tr style='vertical-align:top;'>
                <td>API secret: </td>
                <td><input type='text' size='40' name='api_secret' value='{$api_secret}' /></td>
            </tr>
EOT;
if ($api_token != "") $addon_description .= <<<EOT
            <tr style='vertical-align:top;'>
                <td>API token: </td>
                <td><input type='text' size='40' name='api_token' value='{$api_token}' disabled='disabled' /></td>
            </tr>
EOT;
$addon_description .= <<<EOT
            <tr style='vertical-align:top;'>
                <td>Permissions: </td>
                <td>
EOT;
foreach ($PERMTYPES as $perm) {
    $checked = '';
    if ($api_perm == $perm) $checked = "checked='checked'";
    $addon_description .= <<<EOT
                    <div style='margin:1px;'>
                        <input type='radio' name='api_perm' value='{$perm}' $checked style="vertical-align:middle; margin:0px;" />
                        $perm
                    </div>
EOT;
}
$addon_description .= <<<EOT
                </td>
            </tr>
        </table>
        <input type='submit' value='Get token' />
    </form>
EOT;
?>
